Use of org.apache.tomcat.util.descriptor.web.SecurityConstraint in project tomcat by apache.
Class TestHttp11Processor, method doTestNon2xxResponseAndExpectation.
private void doTestNon2xxResponseAndExpectation(boolean useExpectation) throws Exception {
    Tomcat tomcat = getTomcatInstance();

    // No file system docBase required
    Context ctx = tomcat.addContext("", null);
    Tomcat.addServlet(ctx, "echo", new EchoBodyServlet());
    ctx.addServletMappingDecoded("/echo", "echo");

    // Constrain every URL to the "Any" role. Nothing in this test grants
    // that role, so the POST is expected to be rejected with 403 before
    // the echo servlet ever sees the request body.
    SecurityConstraint constraint = new SecurityConstraint();
    constraint.addAuthRole("Any");
    SecurityCollection everything = new SecurityCollection("All", "");
    everything.addPatternDecoded("/*");
    constraint.addCollection(everything);
    ctx.addConstraint(constraint);

    tomcat.start();

    // Only the expectation variant sends request headers at all
    Map<String, List<String>> reqHeaders = null;
    if (useExpectation) {
        reqHeaders = new HashMap<>();
        reqHeaders.computeIfAbsent("Expect", k -> new ArrayList<>()).add("100-continue");
    }

    byte[] requestBody = "HelloWorld".getBytes(StandardCharsets.UTF_8);
    ByteChunk responseBody = new ByteChunk();
    Map<String, List<String>> responseHeaders = new HashMap<>();
    String url = "http://localhost:" + getPort() + "/echo";
    int rc = postUrl(requestBody, url, responseBody, reqHeaders, responseHeaders);

    Assert.assertEquals(HttpServletResponse.SC_FORBIDDEN, rc);

    // A non-2xx reply to a request that carried "Expect: 100-continue"
    // must come with exactly one "Connection: close" (presumably because
    // the body the client was holding back is never read); without the
    // expectation no Connection header is expected at all.
    List<String> connectionHeaders = responseHeaders.get("Connection");
    if (!useExpectation) {
        Assert.assertNull(connectionHeaders);
        return;
    }
    Assert.assertEquals(1, connectionHeaders.size());
    Assert.assertEquals("close", connectionHeaders.get(0).toLowerCase(Locale.ENGLISH));
}
Use of org.apache.tomcat.util.descriptor.web.SecurityConstraint in project tomcat by apache.
Class TesterSupport, method configureClientCertContext.
protected static void configureClientCertContext(Tomcat tomcat) {
    TesterSupport.initSsl(tomcat);

    // One servlet mapped twice: /unprotected is open, /protected sits
    // behind the constraint below. No file system docBase required.
    Context ctx = tomcat.addContext("", null);
    Tomcat.addServlet(ctx, "simple", new SimpleServlet());
    for (String path : new String[] { "/unprotected", "/protected" }) {
        ctx.addServletMappingDecoded(path, "simple");
    }

    // Security constraint: /protected requires ROLE
    SecurityConstraint sc = new SecurityConstraint();
    sc.addAuthRole(ROLE);
    SecurityCollection protectedUrls = new SecurityCollection();
    protectedUrls.addPatternDecoded("/protected");
    sc.addCollection(protectedUrls);
    ctx.addConstraint(sc);

    // Realm: the user is keyed by the client certificate's subject DN
    // (that is what SSLAuthenticator presents as the user name); the
    // password is never checked for CLIENT-CERT, hence the placeholder.
    String subjectDn = "CN=user1, C=US";
    TesterMapRealm realm = new TesterMapRealm();
    realm.addUser(subjectDn, "not used");
    realm.addUserRole(subjectDn, ROLE);
    ctx.setRealm(realm);

    // Authenticator: CLIENT-CERT login config plus the matching valve
    LoginConfig lc = new LoginConfig();
    lc.setAuthMethod("CLIENT-CERT");
    ctx.setLoginConfig(lc);
    ctx.getPipeline().addValve(new SSLAuthenticator());
}
Use of org.apache.tomcat.util.descriptor.web.SecurityConstraint in project tomcat by apache.
Class ContextConfig, method configureContext.
/**
 * Applies the merged {@code WebXml} to {@code context}. Elements are
 * processed in (roughly) the alphabetical order of their web.xml names so
 * it is easy to check that every element is handled; the only exceptions
 * are the JSP property groups, which need the servlets to exist first, and
 * the post-construct / pre-destroy methods, which are applied last.
 *
 * @param webxml the effective descriptor to apply (presumably already
 *               merged from web.xml, fragments and annotations by the
 *               caller — that step is not visible here)
 */
private void configureContext(WebXml webxml) {
    // As far as possible, process in alphabetical order so it is easy to
    // check everything is present

    // Some validation depends on correct public ID
    context.setPublicId(webxml.getPublicId());

    // Everything else in order
    context.setEffectiveMajorVersion(webxml.getMajorVersion());
    context.setEffectiveMinorVersion(webxml.getMinorVersion());
    for (Entry<String, String> entry : webxml.getContextParams().entrySet()) {
        context.addParameter(entry.getKey(), entry.getValue());
    }
    // <deny-uncovered-http-methods/> (Servlet 3.1): when true, an HTTP
    // method that no security constraint covers is rejected rather than
    // allowed through unauthenticated
    context.setDenyUncoveredHttpMethods(webxml.getDenyUncoveredHttpMethods());
    context.setDisplayName(webxml.getDisplayName());
    context.setDistributable(webxml.isDistributable());
    for (ContextLocalEjb ejbLocalRef : webxml.getEjbLocalRefs().values()) {
        context.getNamingResources().addLocalEjb(ejbLocalRef);
    }
    for (ContextEjb ejbRef : webxml.getEjbRefs().values()) {
        context.getNamingResources().addEjb(ejbRef);
    }
    for (ContextEnvironment environment : webxml.getEnvEntries().values()) {
        context.getNamingResources().addEnvironment(environment);
    }
    for (ErrorPage errorPage : webxml.getErrorPages().values()) {
        context.addErrorPage(errorPage);
    }
    for (FilterDef filter : webxml.getFilters().values()) {
        // A filter that does not declare <async-supported> is registered
        // as non-async rather than with the flag left unset
        if (filter.getAsyncSupported() == null) {
            filter.setAsyncSupported("false");
        }
        context.addFilterDef(filter);
    }
    for (FilterMap filterMap : webxml.getFilterMappings()) {
        context.addFilterMap(filterMap);
    }
    context.setJspConfigDescriptor(webxml.getJspConfigDescriptor());
    for (String listener : webxml.getListeners()) {
        context.addApplicationListener(listener);
    }
    for (Entry<String, String> entry : webxml.getLocaleEncodingMappings().entrySet()) {
        context.addLocaleEncodingMappingParameter(entry.getKey(), entry.getValue());
    }
    // Prevents IAE: a descriptor without <login-config> leaves whatever
    // login config the context already has, instead of passing null
    if (webxml.getLoginConfig() != null) {
        context.setLoginConfig(webxml.getLoginConfig());
    }
    for (MessageDestinationRef mdr : webxml.getMessageDestinationRefs().values()) {
        context.getNamingResources().addMessageDestinationRef(mdr);
    }
    // messageDestinations were ignored in Tomcat 6, so ignore here

    // metadata-complete="true" means the descriptor is authoritative and
    // deployment annotations are not to be processed
    context.setIgnoreAnnotations(webxml.isMetadataComplete());
    for (Entry<String, String> entry : webxml.getMimeMappings().entrySet()) {
        context.addMimeMapping(entry.getKey(), entry.getValue());
    }
    context.setRequestCharacterEncoding(webxml.getRequestEncoding());
    // Name is just used for ordering
    for (ContextResourceEnvRef resource : webxml.getResourceEnvRefs().values()) {
        context.getNamingResources().addResourceEnvRef(resource);
    }
    for (ContextResource resource : webxml.getResourceRefs().values()) {
        context.getNamingResources().addResource(resource);
    }
    context.setResponseCharacterEncoding(webxml.getResponseEncoding());
    // The "**" role (ROLE_ALL_AUTHENTICATED_USERS) normally means "any
    // authenticated user". If the application explicitly declares "**" as
    // one of its <security-role>s, the Servlet spec requires it to be
    // treated as an ordinary application role instead, so each constraint
    // is told before it is added to the context.
    boolean allAuthenticatedUsersIsAppRole = webxml.getSecurityRoles().contains(SecurityConstraint.ROLE_ALL_AUTHENTICATED_USERS);
    for (SecurityConstraint constraint : webxml.getSecurityConstraints()) {
        if (allAuthenticatedUsersIsAppRole) {
            constraint.treatAllAuthenticatedUsersAsApplicationRole();
        }
        context.addConstraint(constraint);
    }
    for (String role : webxml.getSecurityRoles()) {
        context.addSecurityRole(role);
    }
    for (ContextService service : webxml.getServiceRefs().values()) {
        context.getNamingResources().addService(service);
    }
    for (ServletDef servlet : webxml.getServlets().values()) {
        Wrapper wrapper = context.createWrapper();
        // load-on-startup, enabled and async-supported are only applied
        // when the descriptor gives a value; otherwise the Wrapper's own
        // defaults stay in effect
        if (servlet.getLoadOnStartup() != null) {
            wrapper.setLoadOnStartup(servlet.getLoadOnStartup().intValue());
        }
        if (servlet.getEnabled() != null) {
            wrapper.setEnabled(servlet.getEnabled().booleanValue());
        }
        wrapper.setName(servlet.getServletName());
        Map<String, String> params = servlet.getParameterMap();
        for (Entry<String, String> entry : params.entrySet()) {
            wrapper.addInitParameter(entry.getKey(), entry.getValue());
        }
        wrapper.setRunAs(servlet.getRunAs());
        // <security-role-ref>: maps the role name the servlet code uses
        // (name) to the application role it is linked to (link)
        Set<SecurityRoleRef> roleRefs = servlet.getSecurityRoleRefs();
        for (SecurityRoleRef roleRef : roleRefs) {
            wrapper.addSecurityReference(roleRef.getName(), roleRef.getLink());
        }
        wrapper.setServletClass(servlet.getServletClass());
        MultipartDef multipartdef = servlet.getMultipartDef();
        if (multipartdef != null) {
            // The three size limits are applied only when all of them are
            // present; otherwise just the location is configured and the
            // limits fall back to the single-argument MultipartConfigElement
            // defaults (documented by the Servlet API as unlimited). A
            // malformed number propagates as NumberFormatException.
            if (multipartdef.getMaxFileSize() != null && multipartdef.getMaxRequestSize() != null && multipartdef.getFileSizeThreshold() != null) {
                wrapper.setMultipartConfigElement(new MultipartConfigElement(multipartdef.getLocation(), Long.parseLong(multipartdef.getMaxFileSize()), Long.parseLong(multipartdef.getMaxRequestSize()), Integer.parseInt(multipartdef.getFileSizeThreshold())));
            } else {
                wrapper.setMultipartConfigElement(new MultipartConfigElement(multipartdef.getLocation()));
            }
        }
        if (servlet.getAsyncSupported() != null) {
            wrapper.setAsyncSupported(servlet.getAsyncSupported().booleanValue());
        }
        wrapper.setOverridable(servlet.isOverridable());
        context.addChild(wrapper);
    }
    for (Entry<String, String> entry : webxml.getServletMappings().entrySet()) {
        context.addServletMappingDecoded(entry.getKey(), entry.getValue());
    }
    SessionConfig sessionConfig = webxml.getSessionConfig();
    if (sessionConfig != null) {
        if (sessionConfig.getSessionTimeout() != null) {
            context.setSessionTimeout(sessionConfig.getSessionTimeout().intValue());
        }
        SessionCookieConfig scc = context.getServletContext().getSessionCookieConfig();
        // name/domain/path/comment are copied unconditionally (a missing
        // element arrives as null); the http-only, secure and max-age
        // flags are only applied when set explicitly, so an absent element
        // does not silently downgrade a default the context already has
        scc.setName(sessionConfig.getCookieName());
        scc.setDomain(sessionConfig.getCookieDomain());
        scc.setPath(sessionConfig.getCookiePath());
        scc.setComment(sessionConfig.getCookieComment());
        if (sessionConfig.getCookieHttpOnly() != null) {
            scc.setHttpOnly(sessionConfig.getCookieHttpOnly().booleanValue());
        }
        if (sessionConfig.getCookieSecure() != null) {
            scc.setSecure(sessionConfig.getCookieSecure().booleanValue());
        }
        if (sessionConfig.getCookieMaxAge() != null) {
            scc.setMaxAge(sessionConfig.getCookieMaxAge().intValue());
        }
        // An empty <tracking-mode> set leaves the container default alone
        if (sessionConfig.getSessionTrackingModes().size() > 0) {
            context.getServletContext().setSessionTrackingModes(sessionConfig.getSessionTrackingModes());
        }
    }
    for (String welcomeFile : webxml.getWelcomeFiles()) {
        /*
         * The following will result in a welcome file of "" so don't add
         * that to the context
         * <welcome-file-list>
         * <welcome-file/>
         * </welcome-file-list>
         */
        if (welcomeFile != null && welcomeFile.length() > 0) {
            context.addWelcomeFile(welcomeFile);
        }
    }
    // Do this last as it depends on servlets: each JSP property group's
    // URL patterns are mapped to whatever servlet handles *.jsp (falling
    // back to the name "jsp"); the third argument marks the mapping as a
    // JSP wildcard mapping. Groups are skipped when that servlet does not
    // exist in this context.
    for (JspPropertyGroup jspPropertyGroup : webxml.getJspPropertyGroups()) {
        String jspServletName = context.findServletMapping("*.jsp");
        if (jspServletName == null) {
            jspServletName = "jsp";
        }
        if (context.findChild(jspServletName) != null) {
            for (String urlPattern : jspPropertyGroup.getUrlPatterns()) {
                context.addServletMappingDecoded(urlPattern, jspServletName, true);
            }
        } else {
            if (log.isDebugEnabled()) {
                for (String urlPattern : jspPropertyGroup.getUrlPatterns()) {
                    log.debug("Skipping " + urlPattern + " , no servlet " + jspServletName);
                }
            }
        }
    }
    for (Entry<String, String> entry : webxml.getPostConstructMethods().entrySet()) {
        context.addPostConstructMethod(entry.getKey(), entry.getValue());
    }
    for (Entry<String, String> entry : webxml.getPreDestroyMethods().entrySet()) {
        context.addPreDestroyMethod(entry.getKey(), entry.getValue());
    }
}
Use of org.apache.tomcat.util.descriptor.web.SecurityConstraint in project tomcat by apache.
Class TestMapperWebapps, method testRedirect.
@Test
public void testRedirect() throws Exception {
    // Disable the following of redirects for this test only
    boolean followRedirects = HttpURLConnection.getFollowRedirects();
    HttpURLConnection.setFollowRedirects(false);
    try {
        Tomcat tomcat = getTomcatInstance();

        // Use standard test webapp as ROOT
        File rootDir = new File("test/webapp");
        org.apache.catalina.Context root = tomcat.addWebapp(null, "", rootDir.getAbsolutePath());

        // Put the welcome-files directory (and the directory path itself)
        // behind a role ("foo") that this test never grants, so requests
        // there are answered with 401 instead of a redirect
        SecurityCollection welcomeFiles = new SecurityCollection();
        welcomeFiles.addPatternDecoded("/welcome-files/*");
        welcomeFiles.addPatternDecoded("/welcome-files");
        SecurityConstraint constraint = new SecurityConstraint();
        constraint.addAuthRole("foo");
        constraint.addCollection(welcomeFiles);
        root.addConstraint(constraint);

        // Also make examples available, with the mapper's context-root
        // redirect switched off ...
        File examplesDir = new File(getBuildDirectory(), "webapps/examples");
        org.apache.catalina.Context examples = tomcat.addWebapp(null, "/examples", examplesDir.getAbsolutePath());
        examples.setMapperContextRootRedirectEnabled(false);

        // ... and every request into it denied with 404, so a redirect
        // into the examples app can be told apart from a served page
        RemoteAddrValve denyAll = new RemoteAddrValve();
        denyAll.setDeny(".*");
        denyAll.setDenyStatus(404);
        examples.getPipeline().addValve(denyAll);

        tomcat.start();

        // Expected status per path, checked in this order: the first six
        // are redirects within a web application, the last two redirects
        // between web applications
        String[] paths = { "/welcome-files", "/welcome-files/", "/jsp", "/jsp/", "/WEB-INF", "/WEB-INF/", "/examples", "/examples/" };
        int[] expectedStatus = { 401, 401, 302, 404, 404, 404, 404, 404 };
        for (int i = 0; i < paths.length; i++) {
            doRedirectTest(paths[i], expectedStatus[i]);
        }
    } finally {
        HttpURLConnection.setFollowRedirects(followRedirects);
    }
}
Use of org.apache.tomcat.util.descriptor.web.SecurityConstraint in project jaggery by wso2.
Class TomcatJaggeryWebappsDeployer, method handleWebappDeployment.
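/**
 * Deployment procedure of Jaggery apps.
 *
 * The app is registered with the Carbon Tomcat service (and additionally
 * on every virtual host the hot-update service maps it to), given a
 * tenant-aware session manager, marked non-reloadable and recorded as a
 * started webapp. Any failure — including {@link Error}s, on purpose —
 * is recorded as a faulty webapp and rethrown as {@link CarbonException}.
 *
 * @param webappFile The Jaggery app file to be deployed
 * @param contextStr jaggery app context string
 * @param webContextParams context-params for this Jaggery app
 * @param applicationEventListeners Application event listeners
 * @throws CarbonException If a deployment error occurs
 */
protected void handleWebappDeployment(File webappFile, String contextStr, List<WebContextParameter> webContextParams, List<Object> applicationEventListeners) throws CarbonException {
    String filename = webappFile.getName();

    // Keep the app's own configuration file off the wire: an auth-constraint
    // with no roles is one that no caller can satisfy, so Tomcat rejects
    // every request for that path (the collection is passed on to the
    // JaggeryConfListener, which presumably installs it on the context)
    SecurityConstraint securityConstraint = new SecurityConstraint();
    securityConstraint.setAuthConstraint(true);
    SecurityCollection securityCollection = new SecurityCollection();
    securityCollection.setName("ConfigDir");
    securityCollection.setDescription("Jaggery Configuration Dir");
    securityCollection.addPattern("/" + JaggeryCoreConstants.JAGGERY_CONF_FILE);
    securityConstraint.addCollection(securityCollection);

    WebApplicationsHolder webApplicationsHolder = WebAppUtils.getWebappHolder(webappFile.getAbsolutePath(), configurationContext);
    try {
        JSONObject jaggeryConfigObj = readJaggeryConfig(webappFile);
        Context context = DataHolder.getCarbonTomcatService().addWebApp(contextStr, webappFile.getAbsolutePath(), new JaggeryDeployerManager.JaggeryConfListener(jaggeryConfigObj, securityConstraint));

        //deploying web app for url mapping inside virtual host
        if (DataHolder.getHotUpdateService() != null) {
            List<String> hostNames = DataHolder.getHotUpdateService().getMappigsPerWebapp(contextStr);
            for (String hostName : hostNames) {
                Host host = DataHolder.getHotUpdateService().addHost(hostName);
                // Same archive and same config-file constraint, mounted at the
                // root of the virtual host
                Context contextForHost = DataHolder.getCarbonTomcatService().addWebApp(host, "/", webappFile.getAbsolutePath(), new JaggeryDeployerManager.JaggeryConfListener(jaggeryConfigObj, securityConstraint));
                log.info("Deployed JaggeryApp on host: " + contextForHost);
            }
        }

        Manager manager = context.getManager();
        if (isDistributable(context, jaggeryConfigObj)) {
            //Clusterable manager implementation as DeltaManager
            context.setDistributable(true);
            // Using clusterable manager: reuse the installed one if it is
            // already clusterable, otherwise replace it
            CarbonTomcatClusterableSessionManager sessionManager;
            if (manager instanceof CarbonTomcatClusterableSessionManager) {
                sessionManager = (CarbonTomcatClusterableSessionManager) manager;
                sessionManager.setOwnerTenantId(tenantId);
            } else {
                sessionManager = new CarbonTomcatClusterableSessionManager(tenantId);
                context.setManager(sessionManager);
            }
            // The session-manager map is shared through the configuration
            // context; the first deployer to get here publishes its own map
            Object alreadyinsertedSMMap = configurationContext.getProperty(CarbonConstants.TOMCAT_SESSION_MANAGER_MAP);
            if (alreadyinsertedSMMap != null) {
                // Unchecked: the property is only ever stored as this map type
                // (see the else branch); other writers are not visible here
                @SuppressWarnings("unchecked")
                Map<String, CarbonTomcatClusterableSessionManager> sharedManagers = (Map<String, CarbonTomcatClusterableSessionManager>) alreadyinsertedSMMap;
                sharedManagers.put(context.getName(), sessionManager);
            } else {
                sessionManagerMap.put(context.getName(), sessionManager);
                configurationContext.setProperty(CarbonConstants.TOMCAT_SESSION_MANAGER_MAP, sessionManagerMap);
            }
        } else {
            // Non-distributable: just make sure the manager is tenant-aware
            if (manager instanceof CarbonTomcatSessionManager) {
                ((CarbonTomcatSessionManager) manager).setOwnerTenantId(tenantId);
            } else if (manager instanceof CarbonTomcatSessionPersistentManager) {
                ((CarbonTomcatSessionPersistentManager) manager).setOwnerTenantId(tenantId);
                log.debug(manager.getInfo() + " enabled Tomcat HTTP Session Persistent mode using " + ((CarbonTomcatSessionPersistentManager) manager).getStore().getInfo());
            } else {
                context.setManager(new CarbonTomcatSessionManager(tenantId));
            }
        }

        context.setReloadable(false);
        JaggeryApplication webapp = new JaggeryApplication(this, context, webappFile);
        webapp.setServletContextParameters(webContextParams);
        webapp.setState("Started");
        webApplicationsHolder.getStartedWebapps().put(filename, webapp);
        webApplicationsHolder.getFaultyWebapps().remove(filename);
        registerApplicationEventListeners(applicationEventListeners, context);
        log.info("Deployed webapp: " + webapp);
    } catch (Throwable e) {
        //catching a Throwable here to avoid web-apps crashing the server during startup
        // A placeholder context records the app as faulty so the holder
        // keeps track of it; the original cause is preserved on both the
        // fault reason and the rethrown exception
        StandardContext context = new StandardContext();
        context.setName(webappFile.getName());
        context.addParameter(WebappsConstants.FAULTY_WEBAPP, "true");
        JaggeryApplication webapp = new JaggeryApplication(this, context, webappFile);
        webapp.setProperty(WebappsConstants.WEBAPP_FILTER, JaggeryConstants.JAGGERY_WEBAPP_FILTER_PROP);
        String msg = "Error while deploying webapp: " + webapp;
        log.error(msg, e);
        webapp.setFaultReason(new Exception(msg, e));
        webApplicationsHolder.getFaultyWebapps().put(filename, webapp);
        webApplicationsHolder.getStartedWebapps().remove(filename);
        throw new CarbonException(msg, e);
    }
}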